Create new OIDC authentication type that auto assigns `staff` flag.

[knikolla]

Currently we're using Mokey plugin and making our group membership conform to what the Mokey plugin expects.

We should write our own authenticator that subclasses from OIDC authenticator.

This authenticator should create users in the same way, but use standardized claim values like preferred_username, email, etc.

Additionally, it should sync up group permissions for pi flag (same as mokey) and staff flag for auto assigning the staff role in Django. The groups which map to these permissions should be configurable.

This lays the groundwork for more complex permissions being carried through via groups. And particularly for auto-provisioning required permissions to service account in a centralized place.